NSA official says industry lags on security

NSA official says industry lags on security

By William Jackson

GCN Staff

APRIL 10—The government is getting inadequate help from industry in securing sensitive but unclassified data, a National Security Agency official said yesterday.

'For high assurance, we will continue to build our own,' said Brian D. Snow, technical director of NSA's Information Assurance Directorate.

'Shame on you,' Snow told an audience of industry representatives at the RSA Conference 2001 in San Francisco. 'You should be doing it better.'

Snow did not call for new security features but said existing ones in operating systems, applications and hardware should be better designed, tested and implemented.

'Through the coming five-year span I see little improvement in assurance, hence little true security,' he said.

Snow said NSA is not pushing for legislation to mandate security standards, but he thinks users might demand it if they suffer enough losses from software flaws.

'If I had to bet, I'd bet on legislation if the industry doesn't act,' he said.

NSA, which once shunned public exposure, now frequently takes part in public forums such as the RSA conference, sponsored by RSA Security Inc. of Bedford, Mass

inside gcn

  • open doors to cloud (Sergey Nivens/Shutterstock.com)

    New vendors join FedRAMP Connect

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above